KR20210069691A - Systems, methods, and devices for access control - Google Patents

Abstract

The access control system may include a credential including credential data, and at least one reader. The at least one reader is configured to receive, via the link, the credential data. The at least one leader is configured to verify that the credential is valid based on the credential data, mark the credential as valid and track the location of the credential with respect to the at least one leader. The at least one leader is configured to make or delay an access control decision for the credential based on the location of the credential.

Description

Systems, methods, and devices for access control

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims priority to U.S. Provisional Patent Application No. 62/754,812, entitled "Systems, Methods, and Devices for Access Control," filed on November 2, 2018, and the U.S. application is hereby incorporated by reference. It is hereby incorporated by reference in its entirety.

field of initiation

Example embodiments relate to systems, methods, and devices for access control.

Radio frequency identification (RFID) based access control systems typically involve a user providing a credential (eg, an access card) containing credential data to a reader. This action may be referred to as “tapping” the credential against the leader. The credential's credential data is then read by the reader using a short-range RFID protocol such as near field communication (NFC) or ISO 14443A/B. For a reader to read credential data with these short-range protocols, the credential must come within a short range or tapping distance (eg, a few centimeters) of the reader. In cases where the credential is a mobile phone, the credential is activated by unlocking the phone or applying an additional authentication process such as fingerprint recognition. Tapping the credential on the leader and/or activating the credential before reaching the leader may be, for example, access points of large venues (eg sports venues), public transport (eg , subways) can cause crowd movement issues in high throughput scenarios such as access points.

At least one example embodiment relates to access control methods, devices, and/or systems for improving throughput in high traffic scenarios while maintaining high level security.

According to at least one example embodiment, the access control system may include a credential including credential data, and at least one reader. The at least one reader is configured to receive, via the link, the credential data. The at least one leader is configured to verify that the credential is valid based on the credential data, mark the credential as valid and track the location of the credential with respect to the at least one leader. The at least one leader is configured to make or delay an access control decision for the credential based on the location of the credential.

In at least one example embodiment, the at least one reader is configured to delay making an access control decision for the credential when the location indicates that the credential is not within a first distance of the at least one reader. The at least one reader is configured to make an access control decision for the credential when the location indicates that the credential is within a first distance.

In at least one example embodiment, the at least one leader or credential may establish a link when the credential enters the engagement range of the at least one leader. In addition, the at least one leader and the credential may perform mutual authentication, via the link, before the at least one leader receives the credential data. Alternatively or additionally, at least one reader and credential may perform a secure read operation. Here, the contact maintenance range corresponds to a second distance from the at least one leader that is greater than the first distance.

In at least one demonstrative embodiment, the keep-alive range is based on the transmit/receive ranges of the at least one reader and the credential, and the operating frequency of the protocol used to establish the link.

In at least one example embodiment, the at least one leader is configured to determine the contact range based on an environment surrounding the at least one leader.

In at least one demonstrative embodiment, the access control system may further comprise at least one access mechanism that denies or permits access to a zone associated with the at least one leader based on an access control decision by the at least one leader. have. The at least one reader is configured to trigger the at least one access mechanism when the credential is within a third distance of the at least one reader or the at least one access mechanism. The third distance may be less than or equal to the first distance.

In at least one example embodiment, the at least one leader stops tracking the credential and terminates the link upon entry of the credential into the zone via the at least one access mechanism or upon exit of the credential from the contact range. .

In at least one example embodiment, the at least one reader is configured to track the location of the credential based on a received signal strength from the credential.

In at least one example embodiment, the at least one reader is configured to track the location of the credential by periodically pinging the credential to keep the link open.

In at least one example embodiment, the at least one reader is configured to track the location of the credential by receiving a broadcast signal from the credential. The broadcast signal may include a token belonging to the credential to identify the credential for the at least one leader.

In at least one example embodiment, the at least one leader may be closer to the at least one leader than the credential being tracked when the number of credentials tracked by the at least one leader exceeds a threshold and other unauthenticated credentials. is configured to stop tracking credentials when

In at least one example embodiment, the at least one reader is a plurality of readers communicating with each other via a communication network. A first leader of the plurality of leaders that has marked and tracked the credential notifies the others of the plurality of leaders that the credential is marked and tracked to allow the others of the plurality of leaders to track the credential.

In at least one demonstrative embodiment, the remainder of the plurality of leaders analyze communication between the first leader and the credential and/or the communication traffic to allow the remainder of the plurality of leaders to make access control decisions on the credential. monitor the

At least one example embodiment includes a method for access control. The method includes establishing credentials and a wireless link. Credentials include credential data. The method may further include receiving, via the wireless link, the credential data. The method may include verifying that the credential is valid based on the credential data, and marking the credential as valid and tracking the location of the credential with respect to the at least one leader. The method may include making or delaying an access control decision for the credential based on the location of the credential.

In at least one demonstrative embodiment, making or delaying the access control decision comprises delaying the access control decision when the location indicates that the credential is not within a first distance of the at least one reader, and making an access control decision for the credential when the location indicates that it is within a first distance.

In at least one demonstrative embodiment, establishing may include establishing a wireless link when the credential enters the contact range of the at least one reader. The keep-of-contact range corresponds to a second distance from the at least one leader that is greater than the first distance, and the keep-of-contact range is based on transmit/receive ranges of the at least one leader and the credential. The method may further include performing mutual authentication between the credential and the at least one leader.

In at least one demonstrative embodiment, the method may further include determining the contact range based on an environment surrounding the at least one leader.

In at least one demonstrative embodiment, the method may further comprise ceasing tracking of the credential and terminating the link upon entry of the credential via an access mechanism under the control of the at least one leader.

According to at least one example embodiment, a reader includes a first communication interface for wireless communication, a processor, and a memory comprising instructions, the instructions, when executed by the processor, cause the processor to cause the processor to include the first credentials of the reader. When within range, use the first communication interface to establish a link with the credential, the credential including the credential data. The instructions cause the processor to verify that the credential is valid based on the credential data, mark the credential as valid, and track the location of the credential to the reader. The instructions cause the processor to make or delay an access control decision for the credential based on whether the location of the credential indicates that the credential is within a second distance of the reader. The second distance is less than the first distance.

According to at least one exemplary embodiment, the reader may further include a second communication interface for communication with a plurality of other readers. The instructions include instructions that cause the processor to share information in the credential with a plurality of other leaders to enable the plurality of other leaders to make access control decisions or take over a link from the first communication interface to the credential. The instructions may include instructions to cause the processor to authenticate the credential, over the link, and, when the authentication is successful, receive the credential data, over the link.

Various aspects of exemplary embodiments will be described herein with reference to the drawings, which are schematic illustrations of idealized configurations. Although specific circuit configurations and circuit elements are described herein, it should be understood that the exemplary embodiments are not limited to the example circuit configurations and/or circuit elements shown and described herein. Specifically, it should be understood that circuit elements of a particular type or function may be replaced with one or many other circuit elements to achieve similar functionality without departing from the scope of the exemplary embodiments.

Exemplary embodiments are described in conjunction with the accompanying drawings, which are not necessarily drawn to scale. Of course, it should be understood that the present invention is not limited to the specific embodiments illustrated herein.
1A is a diagram illustrating an access control system in accordance with at least one example embodiment.
1B is a diagram illustrating an access control system in accordance with at least one example embodiment.
2 is a block diagram illustrating a wearable device (or credential) according to at least one example embodiment.
3 shows a block diagram illustrating a mobile device (or credential) in accordance with at least one example embodiment.
4 depicts a block diagram illustrating a reader in accordance with at least one example embodiment.
5 illustrates various stages of a credential accessing a leader in accordance with at least one example embodiment.
6 illustrates an example scenario for the systems of FIGS. 1A and 1B , in accordance with at least one example embodiment.
7 illustrates a method according to at least one example embodiment.
8 illustrates a method according to at least one example embodiment.
9 illustrates a method according to at least one example embodiment.
10 illustrates a method according to at least one example embodiment.

In general, there are several phases of an identification/access control transaction: 1) communication establishment (eg, establishment of a transport protocol link and session between the credential and the leader); 2) Set up (arbitrary) security protocols - for example, a cryptographic protocol based on mutual authentication ensures that credentials are only communicating with trusted leaders (and not rogue leaders designed to steal credentials (access rights)). and ensure that the leader is communicating with trusted credentials; 3) read the credentials, which may include sending credential data; 4) verify that the access credential is genuine (eg, checking cryptographic signatures, decrypting credential data, etc.); 5) make identity or access-based decisions on the reader itself or by an access control system coupled to the reader (e.g., the reader sends decrypted access rights or verified credentials to the access control system, which then access The control system will make an access decision based on the credential's content - for example, if the credential's specific ID is on a whitelist that defines who is allowed to enter a specific area the leader is controlling). In related art access control systems, these steps occur when the credential enters the leader field, which is less than about 8 centimeters from the leader (ie, during the human action of "tapping" the credential against the leader).

At least one example embodiment provides a way to shift at least some of the above-mentioned steps to a time during which the user holding the credential is still accessing the reader at a greater distance (eg, a few meters or tens of meters). It is suggested to use longer range protocols that can communicate the identity to the reader. For example, some or all of steps 1-4 above may be accomplished as soon as the credential enters the reader's contact range, which may be greater than a tapping distance of several centimeters.

When using longer range protocols for access control, the access point/mechanism that allows the user to access an area (eg door/revolving door, green light/red light, etc.) is still very far away from the door. may be required to be mechanically “triggered” in , thereby creating the potential for unverified users to access the zone. To address this issue, at least one exemplary embodiment proposes inserting another step between steps 4 and 5 above. For example, if the credential was verified in step 4, the system could mark the credential as valid and implement another step of tracking the credential as the credential moves within the leader's contact range. Using the tracking knowledge, the system can delay making access control decisions on the tracked credential until the credential is within a desired threshold distance (eg, 2 meters) of the leader. If the decision is to allow access to the access credential, then the access mechanism is triggered to allow the user through it.

In at least one exemplary embodiment, it is possible to track credentials based on an ongoing transport protocol connection when the connection remains open. For example, example embodiments may use a packet-based protocol such as Bluetooth Smart (BLE) or Wi-Fi to analyze packets sent to the reader by credential. At least one example embodiment includes using RSSI, potential angle of arrival, and/or time-of-flight properties of the credential to track the credential for one or more readers.

For example, if existing Bluetooth credentials are supported, the reader can "ping" the credential by trying to read some existing data or even trying to read some non-existent data at regular intervals. Pinging simulates the credential that the leader is still transacting with the credential, so the credential will not close the connection to the leader.

Exemplary embodiments include different ways to “mark” a credential or credential carrying device as valid. For example, at least one example embodiment includes marking a transport protocol media access control (MAC) address, wherein the established link is an open session and the MAC address of the credential is the continuation of the open session. It can be useful when immobilized during Another example embodiment includes marking a TCP/IP protocol IP address and/or other network protocol identifier that may be used to uniquely or substantially uniquely identify the credential, at least on a temporary basis. Another exemplary embodiment includes marking the session identifier of the session established between the credential and the leader. In another example, the reader may drop an “access token,” a one-time password (OTP), or the like, onto the device that can be read by the reader at a desired distance. In another example, the reader 112 may send a temporary key to the credential, which then in the proprietary protocol's key proof (eg, as a challenge response or credential generated cipher or signature based on the temporary key). Can be used for leader.

In at least one demonstrative embodiment, the credential may be given an access token that is then broadcast (advertised) by the credential. The reader will then scan/listen for those advertisements containing the access token to both mark and track the credential. In at least one example embodiment, the advertisement changes based on time and the advertisement includes a password that is calculated based on time and a temporary key that is provisioned as described above. One such example would have a truncated time-based one-time password (TOTP) password in an advertisement where the password is changed periodically (eg, every 30 seconds).

In at least one example embodiment, each leader may have a maximum number of potential concurrent credentials that may be tracked. Here, if the leader detects a closer unauthenticated credential, the leader can "dump" or ignore the farthest credential to prioritize the closer credential.

In at least one example embodiment, the leaders are connected between each other. This can happen either through a traditional connection to an endpoint that will pass all messages to all leaders, or using a message broker architecture paradigm. Here, example embodiments may use message queues whereby all leaders at a particular entrance or zone subscribe to the same entrance queue (eg, “stadium/entrance”). Then, every reader will publish these events and related data to a queue when the reader has a connection or marking event and all readers subscribing or listening to that queue will "listen" to that queue and thus receive connection/marking events. will receive Here, exemplary embodiments may use Message Queuing Telemetry Transport (MQTT) as a message broker.

In at least one example embodiment, the leaders are connected using wireless mesh technology.

An example of a scenario involving multiple readers using Bluetooth Smart based credentials and Bluetooth MAC address based marking is below. In this example, the first reader (leader B) performs all the steps described above including "marking" and keeps the connection to the credential alive.

Reader B then issues a marking event containing the MAC address to the message broker. These operations may include additional low-level radio protocol-based information such as the Bluetooth channel hopping scheme adopted for a particular connection.

Other leaders receive the marking event and start looking for or tracking "marked" valid credentials. One option is to find or sniff the Bluetooth communication and search for specific packets that are subsequently sent by the credential as it is still in the connection to leader B. When another leader (leader A) detects that the marked credential is valid for "open" at close range (eg, decision range) and triggers a positive access control decision, leader A has previously It makes access control decisions on the credentials that have been proven.

In another exemplary embodiment, it is possible for leader B to issue any information that will allow leader A to actually "take over" the credential and communication directly.

1A is a diagram illustrating an access control system 100 for authenticating a user 102 via a wearable device 104 in accordance with at least one example embodiment. In one exemplary embodiment, the access control system 100 includes at least one reading device (or reader) 112 (eg, 112A, 112B, ... 112N), at least one wearable device 104 , and at least one portable/mobile device (or credential) 108 . The reading device 112 may include an access data memory 116 . Access data memory 116 may be configured to store access information, identification data, rules, program instructions, and/or other data associated with performing access operations of access control system 100 . In some embodiments, the reading device 112 may be configured to communicate with the access data memory 116 over the communication network 128 . The access data memory 116 may be located remotely, locally, and/or locally and remotely from the reading device 112 . Access data memory 116 may be located within access server 120 .

The wearable device 104 and/or the mobile device 108 may be configured to communicate with the reading device 112 over one or more wireless communication connections. One or more of these wireless communication connections may include conventional radio protocols, proximity based wireless communication protocols, Bluetooth™, BLE, infrared, audible, NFC, ultra-wide band (UWB), RF, and other wireless communication networks. and/or communications via at least one of the following protocols. In some cases, communications between the wearable device 104 and the reading device 112 may be established automatically when the wearable device 104 enters the active area of the interrogation reading device 112 . In one embodiment, the active region of the reading device 112 is an RF signal emitted by the wearable device 108 where the strength of the RF signals emitted by the reading device 112 exceeds a threshold of sensitivity of the wearable device 104 . It can be defined as a three-dimensional space in which the strength of the signals exceeds a threshold of sensitivity of the reading device 112 .

In at least one example embodiment, the wearable device 104 and/or the mobile device 108 may be configured to communicate with the reading device 112 and/or the access server 120 over the communication network 128 . . Communication network 128 may be configured via at least one of radio networks, wireless communication networks, ZigBee, GSM, CDMA, Wi-Fi, and/or using other communication networks and/or protocols as provided herein. It may include communication.

In at least one example embodiment, authentication may be required between the wearable device 104 and the reading device 112 before further communications are enabled. Additionally or alternatively, authentication may be required between the wearable device 104 and the mobile device 108 before further communications are enabled. In any case, the additional communications may provide communications in which access control information (eg, keys, codes, credential data, etc.) is shared. In at least one example embodiment, authentication may be provided via one-way or mutual authentication. Examples of authentication may include, but are not limited to, simple authentication based on site codes, trusted data formats, shared secrets, and the like. As can be appreciated, access control information is more sensitive and may require more involved attestation, for example, through encrypted exchange of access control information.

In at least one demonstrative embodiment, the reading device 112 may be configured to request access control information from the wearable device 104 and/or the mobile device 108 . Such access control information may be used to authenticate the wearable device 104 and/or the mobile device 108 to the reading device 112 . Validation may include referencing information stored in access data memory 116 or some other memory associated with wearable device 104 and/or mobile device 108 . Typically, the reading device 112 is associated with a particular physical or logical asset (eg, door protected access to a secure room, computer lock protected sensitive information or computer files, a lock on a safe, etc.). In one embodiment, the wearable device 104 and/or the mobile device 108 may be authenticated via one or more components of the access control system 100 . Once the wearable device 104 and/or the mobile device 108 is authenticated, the credential information (or credential data) associated with the wearable device 104 and/or the mobile device 108 may be verified. During this process, the reading device 112 may generate signals (eg, engage/disengage a locking mechanism, lock the movement of the monitored item) that facilitate execution of interrogating results to the wearable device 104 . allow/disallow, temporarily disable itself, activate alarm systems, provide access to computer systems, provide access to specific documents, etc.). Alternatively, access server 120 or some other system backend component may generate such signals. In at least one example embodiment, mobile device 108 and reader 112 may be coupled to access server 120 via different communication channels. The access server 120 reads the reader over a first channel (eg, a wired channel) based on information exchanged with the mobile device 108 via a second channel (eg, a wireless channel) that is different from the first channel. The operation of (112) can be controlled.

According to at least one example embodiment, the reading device 112 may collect access control information associated with the wearable device 104 before an access control decision may be made. For example, the reading device 112 may require credential information stored on the wearable device 104 to authenticate the wearable device 104 . The validity of the wearable device 104 may be based on the validity of the associated mobile device 108 , or vice versa. In one embodiment, upon verifying the credential information stored on the wearable device 104 , the reading device 112 facilitates execution of the results of interrogating the wearable device 104 and/or the mobile device 108 . (e.g., engages/disengages a locking mechanism, permits/disallows movement of a monitored item, temporarily disables itself, activates an alarm system, and provides access to a computer system) and providing access to specific documents, etc.). As provided above, access server 120 and/or reader 112 may generate such signals.

Access server 120 may include a processor, memory, and one or more inputs/outputs. Memory of access server 120 may be used in connection with application programming or execution of instructions by a processor, and for temporary or long-term storage of program instructions and/or data. As examples, the memory may include RAM, DRAM, SDRAM, or other solid state memory. Additionally or alternatively, the access server 120 may communicate with the access data memory 116 . Like the memory of the access server 120 , the access data memory 116 may include solid state memory or devices. Access data memory 116 may include a hard disk drive or other random access memory.

In at least one demonstrative embodiment, the reading device 112 may be configured to communicate with one or more devices over the communication network 128 . For example, the reading device 112 may communicate with the wearable device 104 and/or the mobile device 108 over the communication network 128 . Among other things, this communication may allow for backend authentication and/or provide notifications from the reading device 112 to the mobile device 108 . Communication network 128 may include any type of known communication medium or collection of communication media and may use any type of protocols to transfer messages between endpoints. Communication network 128 may include wired and/or wireless communication technologies. The Internet is a communications network comprising an Internet Protocol (IP) network made up of many computers, computing networks, and other communications devices located throughout the world, connected through many telephone systems and other means. (128) is an example. Other examples of communication network 128 include, without limitation, a Standard Plain Old Telephone System (POTS), an Integrated Services Digital Network (ISDN), a Public Switched Telephone Network (PSTN) ), Local Area Network (LAN), Wide Area Network (WAN), Session Initiation Protocol (SIP) networks, Voice over Internet Protocol (VoIP) networks, cellular networks, RS-232, similar networks used in access control systems between readers and control panels, and any other type of packet switched or circuit switched network known in the art. Moreover, it can be appreciated that the communications network 128 need not be limited to any one network type, but instead may be comprised of many different networks and/or network types. Moreover, communication network 128 may include a number of different communication media such as coaxial cable, copper cable/wire, fiber optic cable, antennas for transmitting/receiving wireless messages, and combinations thereof.

In some embodiments, the access control system 100 may include at least one communication device 124 . The communication device 124 may include a mobile phone, smartphone, smart watch, softphone, telephone, intercom device, computer, tablet, mobile computer, alarm, bell, notification device, which is configured to convert received electrical and/or communication signals; pagers, and/or other devices. In one embodiment, the communication device 124 may be used to receive communications transmitted from the wearable device 104 via the reading device 112 .

1B illustrates an access control system 100 according to at least one example embodiment. Here, it should be understood that FIG. 1B is identical to FIG. 1A except that FIG. 1B does not include the wearable device 104 . For the sake of brevity, a full description of FIG. 1B is not provided herein.

Referring now to FIG. 2 , a block diagram illustrating a wearable device 104 is depicted in accordance with at least one example embodiment. The wearable device 104 may include one or more components, such as a memory 204 , a processor 208 , an antenna 212A-N, a communication module 216 , a wearable sensor 220 , a motion sensor 224 , and a position sensor ( 228) may be included. In some embodiments, the wearable device 104 may further include a power module. The processor 208 may be an application specific integrated circuit (ASIC), a microprocessor, a programmable controller, or the like.

Memory 204 of wearable device 104 may be used in connection with application programming or execution of instructions by processor 208 , and for temporary or long-term storage of program instructions and/or data. Memory 204 may include executable functions used by processor 208 to execute other components of wearable device 104 . In one embodiment, memory 204 may be configured to store credential information (or credential data) and/or access control information. For example, credential information/access control information may include, but is not limited to, unique identifications, manufacturer identification, passwords, keys, encryption schemes, transmission protocols, and the like. As examples, memory 204 may include RAM, DRAM, SDRAM, or other solid state memory.

The one or more antennas 212A-N may be configured to enable wireless communications between the wearable device 104 and the reading device 112 and/or the mobile device 108 . As can be appreciated, the antenna(s) 212A-N may be configured with one or more wireless communication protocols including, but not limited to, Bluetooth®, NFC, ZigBee, GSM, CDMA, Wi-Fi, UWB, RF, and the like. and operating frequencies. By way of example, the antenna(s) 212A-N may be RF antenna(s) and, as such, may transmit RF signals through free space to be received by a reading device 112 having an RF transceiver. . One or more of the antennas 212A may be driven or operated by a dedicated antenna driver 214 .

In some embodiments, the wearable device 104 may include a power module. The power module may be configured to provide power to portions of the wearable device 104 to operate. The power module may store power in a capacitor of the power module. In one embodiment, the electronic devices within the power module store energy in a capacitor and may be turned off when an RF field is present. Such an arrangement can ensure that energy is provided to the wearable device 104 to minimize any effect on the read distance. Although the wearable device 104 may be configured to passively receive power from the electrical field of the reading device 112 , it should be understood that the wearable device 104 may provide its own power. For example, the power module may include a battery or other power source to supply power to portions of the wearable device 104 .

The wearable device 104 may include a communication module 216 configured to communicate with one or more different systems or devices remotely or locally to the wearable device 104 . Accordingly, the communication module 216 may be used in other wearable devices 104 , mobile devices 108 , reading devices 112 , communication devices 124 , access servers 120 , access control systems, or It can send or receive messages from other systems. In at least one example embodiment, the communicated information may be provided to, or exchanged with, other components within the wearable device 104 .

Example embodiments of the wearable device 104 may include at least one wearable sensor 220 . Among other things, wearable sensor 220 may be configured to detect attachment and/or detachment of wearable device 104 to user 102 . For example, the wearable device 104 may include a clasp (eg, a watch band, bracelet, earrings, similar to a clasp such as a necklace). The operation of the clasp may be detected by the wearable sensor 220 of the wearable device 104 . Examples of other wearable sensors 220 may include, but are in no way limited to, contact sensors, switches, proximity sensors, etc., and/or combinations thereof.

In at least one example embodiment, the wearable device 104 may utilize one or more sensors 220 , 224 , 228 configured to detect information corresponding to the state of the wearable device 104 . The wearable sensors 220 may include one or more biometric sensors (eg, heart rate, body temperature and/or thermal signature, blood pressure, etc.), capacitive sensors, light sensors, temperature sensors, pressure sensors, contact sensors. , combinations thereof, and the like. In at least one demonstrative embodiment, the processor 208 of the wearable device 104 receives sensor information and determines whether the wearable device 104 is being worn by the user 102 , and determines whether the wearable device 104 is being worn by the user 102 . ), whether any interruption to wearing of the wearable device 104 is detected (eg, the wearable device 104 is continuously worn by the user 102 and/or removed from the user; timing associated with it) can be determined. As an example, the biometric sensor of the wearable sensors 220 may obtain biometric characteristics (eg, heart rate, blood pressure, body temperature, skin contact data, etc.) associated with the user 102 wearing the wearable device 104 . can be detected. The biometric characteristics determine the state (eg, worn or unworn, etc.) of the wearable device 104 and/or determine the identity of the user 102 wearing the wearable device 104 (eg, collected biometric characteristics stored in memory or associated with user 102 , etc.).

Motion sensors 224 may include one or more of a gyroscope, accelerometer, transducer, and/or other machine detection component, each configured to detect a force and/or motion associated with the wearable device 104 . This detected motion of the wearable device 104 is a known motion profile stored in the memory 204 or other associated memory, via the processor 208 of the wearable device 104 in determining the state of the wearable device 104 . can be compared with For example, a particular motion of the wearable device 104 may indicate that the wearable device 104 is being worn by the user 102 . In one embodiment, the detected motion of the wearable device 104 may be compared to the detected motion of the associated mobile device 108 to generate comparison results, or vice versa. The association of the mobile device 108 may be between the wearable device 104 and/or the user 102 having the wearable device 104 . In any case, the comparison results may indicate similarities between the motion of the wearable device 104 and the motion of the mobile device 108 over time. Similar motion comparison results between the wearable device 104 and the mobile device 108 may allow continuous authentication for the user 102 . Additionally, the motion comparison results (or simply detected motion information) can be used to assist the wearable device 104 in making an ingress or egress decision for the mobile device 108 and/or the wearable device 104 , the movement may be used by device 108 , and/or reader 112 . The dissimilar motion comparison results between the wearable device 104 and the mobile device 108 may be used to disable or abort continuous authentication for the user 102 . In one embodiment, extreme motion detected in one device (eg, wearable device 104 or mobile device 108 ) but not detected in another device may cause continuous authentication to be blocked, suspended, and/or disallowed. can

The wearable device 104 may include one or more location sensors 228 . The location sensors may be configured to determine a geographic location and/or position of the wearable device 104 . In one embodiment, this location may be based on Global Positioning System (GPS) data provided by a GPS module of the wearable device 104 . In some embodiments, the location of the wearable device 104 includes cell base station data, Wi-Fi information, iBeacon information, provided by the location module and/or communication module 216 of the wearable device 104 , and/or based on some other location information. The location of the mobile device 108 may be determined in a similar manner, if not the same as determining the location of the wearable device 104 . Although location information may not always be available inside buildings or other structures, location information provided by one or more location sensors 228 may be available, if available, to wearable device 104 and/or mobile device 108 It can be used to make an ingress or egress decision for

3 shows a block diagram illustrating a mobile device 108 in accordance with at least one example embodiment. Mobile device 108 may correspond to any type of electronic device, and, as the name suggests, the electronic device may be portable in nature. As some examples, mobile device 108 may correspond to a cell phone or smartphone carried by a user. Other examples of mobile device 108 include, without limitation, wearable devices (eg, glasses, watches, shoes, apparel, jewelry, wristbands, stickers, etc.). The mobile device 108 may be provided with a key vault 312 that stores one or a plurality of keys, as shown in FIGS. 1A/ 1B and 3 . The key(s) (or credential data) may be communicated to the reader 112 regarding the holder of the mobile device 108 attempting to access an asset protected by the reader 112 . As an example, the mobile device 108 may be provided to the reader 112 by the user 102 or the holder of the mobile device 108 .

If NFC is being used for a communication channel, then the reader 112 and the mobile device 108 may have their interfaces/antennas inductively coupled to each other, at which point the reader and/or the mobile device 108 may authenticate each other or mutually will authenticate After authentication, reader 112 may request a key or multiple keys from mobile device 108 , or mobile device 108 may provide the key or multiple keys to reader 112 . Upon receiving the key(s) from the mobile device 108 , the reader 112 parses the key(s) and determines if the key(s) are valid, and if so, the holder/user of the mobile device 108 It may allow access to assets protected by the reader 112 . The mobile device 108 may alternatively analyze information received from the reader 112 in connection with making an access control decision and/or in connection with making a determination of whether to provide the key(s) to the reader 112 . It should be understood that they may be additionally or additionally configured. Examples of techniques that may be used by mobile device 108 to make access control decisions for itself are further described in US Pat. No. 8,074,271 to Davis et al. and US Pat. No. 7,706,778 to Lowe, both of which are herein incorporated by reference. It is hereby incorporated by reference in its entirety.

If BLE or some other unguided protocol (eg Wi-Fi) is being used for the communication channel, then the reader 112 and the mobile device 108 are paired with each other or otherwise discovered before being connected to establish the communication channel. routine can be executed. However, after the channel is established, reader 112 and mobile device 108 can then authenticate each other and exchange relevant information such as key(s), so that access control decisions can be made. If a positive access control decision is made (eg, it is determined that the key(s) are valid and the mobile device 108 is allowed to access the asset protected by the reader 112 ), then the reader 112 will One or more actions may be initiated to allow the holder/user 102 of the mobile device 108 to access assets protected by the reader 112 .

The mobile device 108 is shown including a computer memory 304 that stores, among other items, one or more Operating System (O/S) 308 and a key vault 312 . The mobile device 108 is also shown to include a processor 316 , one or more drivers 320 , a user interface 324 , a reader interface 328 , a network interface 332 , and a power module 336 . Suitable examples of mobile device 108 include, without limitation, smartphones, PDAs, laptops, PCs, tablets, netbooks, wearable devices, and the like.

Memory 304 may correspond to any type of non-transitory computer-readable medium. In some embodiments, memory 304 may include volatile or non-volatile memory and a controller thereof. Non-limiting examples of memory 304 that may be used in mobile device 108 include RAM, ROM, buffer memory, flash memory, solid state memory, or variations thereof.

O/S 308 may correspond to one or multiple operating systems. The nature of the O/S 308 may depend on the hardware of the mobile device 108 and the form factor of the mobile device 108 . O/S 308 may be considered an application stored in processor executable memory 304 . O/S 308 allows other applications (eg, browsers, email applications, SMS applications, etc.) stored in memory 304 to include various hardware components and driver(s) 320 of mobile device 108 . A specific type of general-purpose application that allows you to enhance In some embodiments, O/S 308 may include one or more APIs that facilitate the interaction of applications with certain hardware components of mobile device 108 . Moreover, O/S 308 may provide a mechanism for viewing and accessing various applications stored in memory 304 and other data stored in memory 304 .

The processor 316 may correspond to one or more microprocessors contained within the housing of the mobile device 108 having the memory 304 . In some embodiments, the processor 316 integrates the functions of the user device's Central Processing Unit (CPU) on a single Integrated Circuit (IC) or several IC chips. Processor 316 may be a versatile programmable device that accepts digital data as input, processes the digital data according to instructions stored in its internal memory, and provides results as output. Processor 316 has an internal memory and thus implements sequential digital logic. Like most known microprocessors, processor 316 can operate with numbers and symbols represented in a binary system.

Driver(s) 320 may correspond to hardware, software, and/or controllers that provide specific instructions to hardware components of mobile device 108 , thereby facilitating their operation. For example, user interface 324 , reader interface 328 , and network interface 332 may each have a dedicated driver 320 that provides appropriate control signals to accomplish their operation. Driver(s) 320 may also include software or logic circuits to ensure that the various hardware components are controlled properly and according to desired protocols. For example, driver 320 of reader interface 328 may enable reader interface 328 to exchange credentials and communications with appropriate proximity-based protocols (eg, BLE, NFC, UWB, infrared, ultrasonic, IEEE 802.11N, etc.) can be adapted to ensure compliance. Likewise, the driver 320 of the network interface 332 allows the network interface 332 to exchange communications over the communication network 128 so that the network interface 332 may use appropriate network communication protocols (eg, TCP/ It can be adapted to ensure conformance to IP (at one or more layers within the OSI model), UDP, RTP, GSM, LTE, Wi-Fi, etc. As can be appreciated, driver(s) 320 may also be configured to control wired hardware components (eg, USB driver, Ethernet driver, etc.).

User interface 324 may include one or more user input devices and/or one or more user output devices. Examples of suitable user input devices that may be included in user interface 324 include, without limitation, buttons, keyboards, mice, touch sensitive surfaces, pens, cameras, microphones, and the like. Examples of suitable user output devices that may be included in user interface 324 include, without limitation, display screens, touchscreens, lights, speakers, and the like. It should be understood that user interface 324 may also include a combined user input and user output device, such as a touch sensitive display, or the like.

The reader interface 328 may correspond to hardware that facilitates communications and credential data for the mobile device 108 . Reader interface 328 may include a Bluetooth interface (eg, antenna and associated circuitry), a Wi-Fi/802.11N interface (eg, antenna and associated circuitry), an NFC interface (eg, antenna and associated circuitry), include a UWB interface (eg, antenna and associated circuitry), an infrared interface (eg, LED, photodiode, and associated circuitry), and/or an ultrasonic interface (eg, speaker, microphone, and associated circuitry). can do. In some embodiments, reader interface 328 is specifically provided to facilitate credential and proximity based communications over a communications channel or multiple communications channels.

Network interface 332 may include hardware that facilitates communications with other communication devices over communication network 128 . As noted above, the network interface 332 may include an Ethernet port, a Wi-Fi card, a Network Interface Card (NIC), a cellular interface (eg, antennas, filters, and associated circuitry), and the like. may include The network interface 332 may be configured to facilitate a connection between the mobile device 108 and the communications network 128 and communicates (eg, packets) according to a protocol used by the communications network 128 . may be further configured to encode and decode

The power module 336 is a built-in power source (eg, a battery) and/or power that facilitates conversion of externally supplied AC power to DC power used to power the various components of the mobile device 108 . It may include a converter. In some embodiments, the power module 336 may also include some implementation of a surge protection circuitry to protect the components of the mobile device 108 from power surges.

4 shows a block diagram illustrating a reader 112 in accordance with at least one example embodiment.

If NFC is being used in the communication channel between the mobile device 108 and the reader 112, then the reader 112 and the mobile device 108 may have their interfaces/antennas inductively coupled to each other, at which point the reader and /or the mobile devices 108 will authenticate each other or mutually authenticate. After authentication, reader 112 may request a key or multiple keys from mobile device 108 , or mobile device 108 may provide the key or multiple keys to reader 112 . Upon receiving the key(s) from the mobile device 108 , the reader 112 parses the key(s) and determines if the key(s) are valid, and if so, the holder/user of the mobile device 108 It may allow access to assets protected by the reader 112 . For example, the reader 112 may be provided with a key vault 412 for storing one or a plurality of keys. The key(s) (or credential data) may also correspond to keys or credential data stored in the key vault 312 of the mobile device 108 . The keys in key vault 412 may be used to make access control decisions for reader 112 . For example, if the key received from the mobile device 108 matches a key in the key vault 412 , then the reader 112 is the user holding the mobile device 108 in an asset secured by the reader 112 . 102 may be granted access.

If BLE or some other unguided protocol (eg, Wi-Fi) is being used in the communication channel between the mobile device 108 and the reader 112 , then the reader 112 and the mobile device 108 are paired with each other or Otherwise, a discovery routine can be performed before a connection is made to establish a communication channel. However, after the channel is established, reader 112 and mobile device 108 can then authenticate each other and exchange relevant information, such as key(s), so that access control decisions can be made. If a positive access control decision is made (eg, it is determined that the key(s) are valid and that the mobile device 108 is allowed to access the asset protected by the reader 112 ), then the reader 112 will One or more actions may be initiated to allow the holder/user 102 of the mobile device 108 to access assets protected by the reader 112 .

Reader 112 is shown including computer memory 404 that stores one or more operating system (O/S) 408 and key vault 412, among other items. Reader 112 is also shown to include a processor 416 , one or more drivers 420 , a system interface 424 , a reader interface 428 , a network interface 432 , and a power module 436 .

Memory 404 may correspond to any type of non-transitory computer-readable medium. In some embodiments, memory 404 may include volatile or non-volatile memory and a controller thereof. Non-limiting examples of memory 404 that may be used in reader 112 include RAM, ROM, buffer memory, flash memory, solid state memory, or variations thereof.

O/S 408 may correspond to one or multiple operating systems. The nature of the O/S 408 may depend on the hardware of the reader 112 and the form factor of the reader 112 . O/S 408 may be considered an application stored in processor executable memory 404 . O/S 408 allows other applications (eg, browsers, email applications, SMS applications, etc.) stored in memory 404 to use various hardware components and driver(s) 420 of reader 112 . A specific type of general-purpose application that can be enhanced. In some embodiments, O/S 408 may include one or more APIs that facilitate the interaction of applications with certain hardware components of reader 112 . Moreover, O/S 408 may provide a mechanism for viewing and accessing various applications stored in memory 404 and other data stored in memory 404 .

Processor 416 may correspond to one or more microprocessors contained within the housing of reader 112 having memory 404 . In some embodiments, the processor 416 integrates the functions of the reader's central processing unit (CPU) on a single integrated circuit (IC) or several IC chips. Processor 416 may be a versatile programmable device that accepts digital data as input, processes the digital data according to instructions stored in its internal memory, and provides results as output. Processor 416 has internal memory and thus implements sequential digital logic. Like most known microprocessors, processor 416 can operate with numbers and symbols represented in a binary system.

Driver(s) 420 may correspond to hardware, software, and/or controllers that provide specific instructions to hardware components of reader 112 , thereby facilitating their operation. For example, system interface 424 , reader interface 428 , and network interface 432 may each have a dedicated driver 420 that provides appropriate control signals to accomplish their operation. Driver(s) 420 may also include software or logic circuits to ensure that the various hardware components are controlled properly and according to desired protocols. For example, the driver 420 of the reader interface 428 may be adapted to ensure that the reader interface 428 conforms to appropriate protocols so that the reader interface 428 can exchange communications with the mobile device 108 . . The driver 420 of the system interface 424 allows the system interface 424 to exchange communications with the system interfaces 424 of other readers 112 to ensure that the system interface 424 conforms to the appropriate protocols. can be adapted Similarly, the driver 420 of the network interface 432 allows the network interface 432 to exchange communications over the communication network 128 so that the network interface 432 may use appropriate network communication protocols (eg, TCP). /IP (at one or more layers within the OSI model), UDP, RTP, GSM, LTE, Wi-Fi, etc.). As can be appreciated, driver(s) 420 may also be configured to control wired hardware components (eg, USB driver, Ethernet driver, etc.) associated with interfaces 424 , 428 , and/or 432 . can be configured.

The system interface 424 may include hardware that facilitates communications with system interfaces of other readers 112 to create a reader network. The system interface 424 may include an Ethernet port, a Wi-Fi card, a network interface card (NIC), a cellular interface (eg, antenna, filters, and associated circuitry), and the like. System interface 424 may be configured to facilitate connection between system interfaces of other readers 112 . The connection may be a connection between the readers 112 themselves and/or a connection using the communication network 128 . System interface 424 may be further configured to encode and decode communications (eg, packets) according to a protocol used by readers 112 and/or communication network 128 .

In addition, system interface 424 may include one or more user input devices and/or one or more user output devices. Examples of suitable user input devices that may be included in system interface 424 include, without limitation, buttons, keyboards, mice, touch sensitive surfaces, pens, cameras, microphones, and the like. Examples of suitable user output devices that may be included in system interface 424 include, without limitation, display screens, touchscreens, lights, speakers, and the like. It should be understood that the system interface 424 may also include a combined user input and user output device, such as a touch sensitive display, or the like.

The reader interface 428 may correspond to hardware that facilitates communications and credential data for the mobile device 108 . Reader interface 428 may include a Bluetooth interface (eg, antenna and associated circuitry), a Wi-Fi/802.11N interface (eg, antenna and associated circuitry), an NFC interface (eg, antenna and associated circuitry), include a UWB interface (eg, antenna and associated circuitry), an infrared interface (eg, LED, photodiode, and associated circuitry), and/or an ultrasonic interface (eg, speaker, microphone, and associated circuitry). can do. In some embodiments, reader interface 428 is specifically provided to facilitate credential and proximity based communications over a communications channel or multiple communications channels.

Network interface 432 may include hardware that facilitates communications with other communication devices over communication network 128 . As noted above, network interface 432 may include an Ethernet port, a Wi-Fi card, a network interface card (NIC), a cellular interface (eg, antenna, filters, and associated circuitry), and the like. The network interface 432 may be configured to facilitate a connection between the mobile device 108 and the communication network 128 and communicates (eg, packets) according to a protocol used by the communication network 128 . may be further configured to encode and decode

5 illustrates various stages of credential 108 accessing reader 112 in system 100 . As shown in FIG. 5 , in a first stage 1 , the credential 108 crosses the contact range of the system 100 . At this stage, there is no communication between the reader 112 and the credentials 108 . However, the reader 112 and/or the credentials 108 may be actively seeking to establish a connection with another device. For example, the leader 112 may be “listening” for requests by the credentials 108 to establish a connection with the leader 112 .

In the second stage 2, the credential 108 entered the contact holding range of the leader 112 . At this stage, the leader 112 establishes a link (or session) with the credentials 108 . For example, the reader 112 initiates establishing a link with the credential 108 when the credential 108 enters the contact range of the reader 112 . In at least one example embodiment, the keep-alive range is based on the transmit/receive ranges of the reader 112 and/or the credential 108 . The contact range may further be based on the operating frequency of the protocol used to establish the link between the reader 112 and the credential 108 . In at least one example embodiment, the leader 112 is configured to determine the maintenance range based on the environment surrounding the leader 112 . For example, reader 112 may be configured to determine a level of interference surrounding reader 112 (eg, using time of flight (ToF) principles, channel estimation techniques, etc.) Any number of known operations may be performed. The reader 112 can control the reader 112 (eg, by raising or lowering the transmit power, ignoring or accepting requests for connection by the credentials 108 within a threshold distance of the reader 112 , etc.) The surrounding environment can be periodically re-evaluated and the contact range adjusted based on that. Additionally or alternatively, the reader 112 may determine the contact range based on other factors, such as the number of credentials 108 within the communication range of the reader 112 . For example, if the number of credentials 108 within the communication range of the reader 112 exceeds a threshold, then the reader 112 (eg, temporarily reduces the transmit power and By ignoring credentials 108 that cross a threshold distance, etc.), the contact range may be reduced. Here, it should be understood that the above-described threshold distance(s) and timings may be design parameters set based on empirical evidence and/or preference.

In addition to establishing a link between the leader 112 and the credential 108 , the second stage may also include performing mutual authentication between the leader 112 and the credential 108 . The second stage is when the reader 112 receives the credential data from the credential 108 , verifies the credential data, marks the credential 108 as valid based on the credential data, and the credential 108 ) may further include tracking the location of In a second stage, the leader 112 delays making access control decisions on the credentials 108 .

In the third stage 3, the credential 108 has entered the decision scope of the leader 112 (or an access mechanism under the control of the leader 112). The scope of the decision is that the reader 112 makes access control decisions on the credentials 108 and controls the access control mechanism (eg, a door) to allow or deny access to an asset or zone secured by the reader 112 . It can correspond to the distance from the reader 112. In at least one demonstrative embodiment, the leader 112 makes an access control decision for the credential 108 upon entry of the credential 108 into the decision range, but the credential 108 outweighs the decision range. Delay triggering the access control mechanism until it enters another range (eg, an access range) closer to . The communication protocol used for communication between the credential 108 and the reader 112 while the credential 108 is within the determination range of the leader 112 means that the credential 108 is within the contact range of the leader 112. It may be the same or a different protocol used for communication between the credential 108 and the reader 112 while on the go. For example, a Bluetooth or BLE protocol may be used for communication between the credential 108 and the reader 112 while the credential 108 is within contact range of the reader 112 while the UWB or NFC protocol may be While the credential 108 is within the determination range of the leader 112 , it may be used for communication between the credential 108 and the leader 112 .

6 illustrates an example scenario for the systems 100 of FIGS. 1A and 1B , where the system 100 includes a plurality of leaders 112 and a plurality of credentials 108 . As shown in FIG. 6 , system 100 includes leaders 112A-C as well as multiple credentials 108 including a selected credential 108S. 6 shows a reader controller 600 that enables communication between the readers and/or control via the readers 112A-C, eg, via a communication network compatible with the respective system interfaces 424. is further exemplified. Reader controller 600 may include a message broker adhering to Message Queuing Telemetry Transport (MQTT), which may correspond to the ISO standard ISO/IEC PRF 20922. The reader controller 600 may correspond to a local or remote server with storage and processing capabilities. In at least one example embodiment, the reader controller 600 is included in the access server 120 .

6 includes multiple readers 112A-C using at least the Bluetooth protocol, for example using Bluetooth Smart based credentials and Bluetooth MAC address based marking, along with any other communication protocols, if desired. Assume an example scenario where In this example, reader 112B includes a marking operation to keep the connection between credential 108S and reader 112B active in stage 2 of FIG. 5 for the selected credential 108S. perform all of the actions.

The reader 112B then issues a marking event including the MAC address of the credential 108S to the reader controller 600 . These operations may include additional low-level radio protocol-based information such as the Bluetooth channel hopping scheme adopted for a particular connection.

As shown in Figure 6, other leaders 112A and 112C subscribe to reader controller 600, receive notifications of marking events, and begin tracking "marked" valid credentials 108S. One option is for leaders 112A and 112C to analyze and/or monitor communication between credential 108S and reader 112A to detect that credential 108S has been marked and is being tracked. For example, readers 112A and 112C may monitor and/or analyze Bluetooth communication and search for specific packets continuously transmitted by credential 108S while still in connection to reader 112B. Tracking or ranging the credential 108S may alternatively or additionally be performed using a different communication protocol than that used to authenticate and/or mark the credential 108S. For example, a Bluetooth or BLE protocol may be used to authenticate and/or mark the credential 108S while the UWB protocol may be used to track or classify the credential 108S.

When reader 112A detects a credential that has been marked at close range as valid, reader 112A makes an access control decision for credential 108S that was previously entered by reader 112B. Access control decisions for credential 108S may be performed using the same or different communication protocol as used for authentication and/or marking and the same or different from that used to track or classify credential 108S. . For example, a Bluetooth or BLE protocol and/or UWB protocol may be used to authenticate, mark, and/or categorize the credential 108S while an NFC or UWB protocol may be used for access control decisions. As described above, when the plurality of readers 112A-C communicate with each other through the communication network, the first reader 112B among the plurality of readers marking and tracking the credential 108S is the plurality of readers 112A and 112C) may notify the others of the plurality of readers 112A and 112C that the credential 108S is marked and tracked to allow them to track the credential 108S.

Additionally or alternatively, the remainder of the plurality of leaders 112A and 112C cooperate with the first leader 112B to allow the leaders 112A and 112B to make access control decisions on the credential 108S. It monitors and/or analyzes communications between the credentials 108S.

In at least one demonstrative embodiment, reader 112B issues all information that will allow 112A to directly take over communication with credential 108S (e.g., reader 112B can hand off control of credential 108S to begin tracking and issuing information about credential 108S). For example, leader 112B issues information about the session between leader 112B and credentials 108S so that leader 112A can take over the session.

7 illustrates a method 700 according to at least one example embodiment. As shown in FIG. 7 , the method begins at operation 700 and ends at operation 768 . It should be understood that the method may include additional operations not illustrated. Moreover, the acts of the method may be performed in an order different from that shown, if desired. The method may be performed on the system 100 by one or more of the elements described above of FIGS. 1A-6 . Accordingly, FIG. 7 will be discussed in relation to FIGS. 1A-6 .

At operation 704 , the method determines whether the credential 108 is within the contact range of the at least one reader 112 . For example, the credential 108 may be obtained by checking for a broadcast signal from the leaders 112 and/or from the readers 112 and the access server 120 in communication with the credential 108 by checking the nearby leaders 112 . ) is scanned. Otherwise, then the method continues to check if the credential 108 is within the keep-alive range.

If so, then the method establishes a link (or wireless link) with the credential 108, via a first communication network that enables wireless communication. For example, the credential 108 may initiate establishing a link with the leader 112 when the credential 108 enters the contact range. In another example, the at least one leader 112 initiates establishing a link when the credential 108 enters the contact range of the at least one leader. Establishing the link may include establishing a transport protocol link and a session between the at least one reader 112 and the credential 108 , which may include establishing a transport protocol link and a session between the at least one reader 112 and the credential 108 , depending on the protocol used in the first communication network. exchanging various request and acknowledgment messages between the leader 112 and the credential 108 . According to at least an exemplary embodiment, the keep-of-contact range is based on the transmit/receive ranges of the at least one reader 112 and/or the credential 108 . Additionally or alternatively, the contact range may depend on the operating frequency of the protocol used to establish the link, the environment surrounding the at least one reader, and/or other factors as discussed above with reference to FIG. can be based

In at least one demonstrative embodiment, the wireless link between the credential 108 and the access server 120 is established and maintained over a wireless network, such as Wi-Fi, LTE, etc. while a separate link (eg, RS A wired link such as a -422 link) is established between the access server 120 and the at least one reader 112 . In this case, the access server 120 marks/tracks the credential 108 and manages the operation of the system 100 in accordance with the operations of FIG. 7 for the credential 108 and makes access control decisions to the leaders. 112) can be communicated.

At operation 712 , the method performs mutual authentication between the credential 108 and the at least one reader 112 over the link. The mutual authentication process may include any known method for authenticating two devices. For example, authentication operations include Fast Identity Online Universal Second Factor (FIDO U2F), FIDO 2.0 (Client to Authenticator Protocol (CTAP)), open authentication ) (OATH) initiative, public key infrastructure (PKI), personal identity verification (PIV), open protocol for access control, identification, and ticketing with privacy (OPACITY) etc. can be used to adhere to protocols/standards for communication.

At operation 716 , the method determines whether mutual authentication is successful. Otherwise, the method terminates the link at operation 720 .

If the mutual authentication is successful at operation 716, then the method proceeds to operation 724 and receives, via the link, credential data. For example, the credential 108 transmits credential data to the at least one reader 112 over the link. Mutual authentication occurs when the at least one leader 112 has self-established as the trusted leader for the credential 108 and when the credential is self-established as the trusted credential 108 for the at least one leader 112. It is considered successful when As discussed above, credential data may include one or more keys (eg, unique keys) or other data stored in key vaults 312 and/or 412 .

At operation 728 , the method includes verifying that the credential 108 is valid based on the credential data. For example, the at least one reader 112 compares the credential data received from the credential 108 with the stored credential data from the key vault 412 . If there is no match, then the credential 108 is determined to be invalid and the method proceeds to operation 732 and terminates the link. If there is a match, then the credentials 108 are determined to be valid and the method proceeds to operation 736 . Validating the credential data may additionally or alternatively include checking the user's biometric information of the credential 108 to ensure that the user is an authorized user of the credential 108 . have. The biometric information may be checked (eg, via facial recognition, fingerprint sensing, etc.) in the credential 108 if the remaining elements of the access control system 100 do not have knowledge of the biometric information.

At operation 736 , the method marks the credential 108 as valid and tracks the location of the credential 108 . According to at least one demonstrative embodiment, the method includes making or delaying an access control decision for the credential 108 based on the location of the credential 108 (see operations 740 - 748 ). . According to at least one example embodiment, the location of the credential is tracked with respect to the at least one reader 112 . In at least one example embodiment, only one reader 112 tracks the location of the credential 108 . In at least one other example embodiment, multiple readers 112 track the location of a single credential 108 or position it by a single reader 112 (eg, via reader controller 600 ). be notified

Example embodiments include different schemes for marking credential 108 as valid in operation 736 . For example, at least one example embodiment includes marking the transport protocol MAC address of the credential 108 , such that the established link is an open session and the MAC address of the credential 018 remains for the duration of the open session. This can be useful when fixed. Another example embodiment includes marking a TCP/IP protocol IP address and/or other network protocol identifier that may be used to uniquely or substantially uniquely identify the credential, at least on a temporary basis. Another exemplary embodiment includes marking the session identifier of the session established between the credential and the leader. In another example, the reader 112 may drop an “access token,” a one-time password (OTP), etc., onto the device that can be read by the reader 112 at a desired distance. In another example, the reader 112 may send a temporary key to the credential, which then in the proprietary protocol's key proof (eg, as a challenge response or credential generated cipher or signature based on the temporary key). Can be used for leader.

Example embodiments include different schemes for tracking the credential 108 in operation 736 . For example, operation 736 may include the at least one reader 112 tracking the location of the credential based on a received signal strength indication (RSSI) from the credential 108 . may include The stronger the RSSI from the credential 108 , the closer the credential 108 is to the detection reader 112 . Tracking involves estimating the potential angle of arrival of the credential 108 to track the credential 108 for one or more readers 112 (eg, using multiple antennas or triangulation with multiple readers). ) and/or using time-of-flight properties (and in exemplary embodiments with multiple antennas or multiple readers, additionally using, for example, trilateration or multilateration techniques) or Alternatively, it may include

In at least one exemplary embodiment, it is possible to track the credentials 108 based on an ongoing transport protocol connection when the connection remains open. Here, example embodiments may use a packet-based protocol, such as Bluetooth Smart (BLE) or Wi-Fi, to analyze packets sent to reader 112 by credential 108 . For example, operation 736 includes periodically pinging the credentials 108 by the at least one reader 112 to keep the link open (eg, to allow tracking). . For example, reader 112 may “ping” credential 108 by trying to read some existing data or even attempting to read some nonexistent data at regular intervals. Pinging simulates to the credential 108 that the leader 112 is still transacting with the credential 108 , so the credential 108 will not close the connection to the leader 112 .

Furthermore, operation 736 may include the at least one reader 112 tracking the location of the credential 108 by receiving a broadcast signal from the credential 108 . The broadcast signal may include a token belonging to the credential 108 to identify the credential for the at least one reader 112 . For example, the credential 108 may be given an access token that is then broadcast (advertised) by the credential 108 . The reader 112 will then scan/listen for those advertisements containing the access token to both mark and track the credential 108 . In at least one example embodiment, the advertisement changes based on time and the advertisement includes a password that is calculated based on time and a temporary key that is provisioned as described above. One such example would have a cut-off time-based one-time password (TOTP) password in an advertisement with a password that is changed periodically (eg, every 30 seconds).

The communication protocol used for communication between the credential 108 and the reader 112 during credential verification (eg, operation 728) determines whether the credential 108 is within the scope of a determination (eg, operation ( 740 )) may be the same or different protocol used for communication between the credential 108 and the reader 112 to track or classify the credential 108 . For example, a Bluetooth or BLE protocol may be used for communication between the credential 108 and the reader 112 during credential verification while the UWB or NFC protocol may use the credential ( 108 ) and the reader 112 .

Although not explicitly shown, the method is performed when the number of credentials 108 tracked by at least one reader 112 exceeds a threshold and at least one other unauthenticated credential 108 is greater than the tracked credential. It should be understood that it may include an operation between operations 736 and 740 that includes stopping tracking the credential 108 when it is closer to the leader 112 of the . Here, it should be understood that the at least one reader 112 then performs the operations of FIG. 7 on the unauthenticated credential 108 . This allows at least one reader 112 to prioritize nearby credentials 108 to further improve throughput at the access points.

At operation 740 , the method includes determining whether the credential 108 is within a determination range of the at least one leader 112 . Here, as noted in the discussion of FIG. 5 , the determination range may correspond to a first distance from the at least one leader 112 , and the hold-in range may correspond to a second distance from the at least one leader greater than the first distance. Can respond to distance Both the determination range and the contact range may be design parameters selected based on empirical evidence, the capabilities of the communication protocol or protocols used for communication within the contact and contact ranges, and/or preference.

When the location of the credential 108 indicates that the credential 108 is not within the determining range (or first distance) of the at least one leader 112 , the method is such that the at least one leader 112 determines that the credential Proceed to operation 744 to delay making an access control decision for 108 . The method then returns to operation 740 to continue checking whether the credential 108 is within the determination range.

If at operation 740 the location indicates that the credential is within the determination range, then the method proceeds to operation 748 where the at least one leader 112 makes an access control decision on the credential 108 . Access control decisions may be made by the reader 112 itself or by an access control system coupled to the reader 112 . For example, the reader 112 or access control system may whitelist (eg, whitelist) the verified credential data to determine if the credential 108 is allowed to access the area secured by the reader 112 . stored in the reader or access control system).

The communication protocol used for communication between the credential 108 and the reader 112 during credential verification (eg, operation 728 ) is the credential for access control decisions (eg, operation 748 ). It may be the same or different protocol used for communication between 108 and reader 112 . For example, a Bluetooth or BLE protocol may be used for communication between the credential 108 and the reader 112 during credential verification while the NFC protocol is used between the credential 108 and the reader 112 for access control decisions. can be used for communication. Similarly, the communication protocol used to track or classify the credential 108 to determine whether the credential 108 is within the scope of the decision (eg, operation 740 ) may depend on the access control decision (eg, operation 740 ) , the same or different protocol used for communication between the reader 112 and the credentials 108 for operation 748 ). For example, a Bluetooth (eg, BLE) or UWB protocol may be used to track or classify the credential 108 to determine whether the credential 108 is within the scope of a decision, while the NFC protocol may be used to control access It can be used for communication between the credential 108 for decision and the leader 112 .

At operation 752 , the method includes determining whether the access control decision is a positive access control decision. Otherwise, the method proceeds to operation 756 , denying access to the credential 108 before terminating the link in operation 764 . If so, the method proceeds to operation 760 for granting access to the credentials 108 . For example, the at least one reader 112 controls at least one access mechanism (eg, a door, a revolving door, etc.) to deny or allow access to an area secured by the at least one reader. The method then proceeds to operation 764 where the link is terminated. According to at least one demonstrative embodiment, the at least one reader 112 stops tracking the credential 108 and terminates the link upon entry of the credential 108 into the zone via the at least one access mechanism. . Such operations may include the at least one reader 112 tracking the credential 108 until the credential 108 crosses a threshold of the at least one access mechanism, where tracking ceases and the credential 108 is stopped. A link between the dental and the at least one reader 112 is terminated. The threshold may be defined at some desired distance away from secured aspects of at least one access mechanism associated with the zone.

In at least one demonstrative embodiment, the method operates 748 to determine whether the credential 108 is within the access range of at least one access mechanism (or leader 112 ) prior to granting or denying access to the zone. ) and subsequent actions. That is, the leader 112 makes an access control decision for the credential 108 upon entry of the credential 108 into the decision scope, but the credential 108 is more dependent on the access mechanism and/or reader 112 than the decision scope. Delay triggering the access control mechanism until another close range (eg, access range) is entered. This access range may be a design parameter established based on empirical evidence, the capabilities of the communication protocol used for the access range, and/or preference.

8 illustrates a method according to at least one example embodiment. In the method, the at least one reader 112 may communicate with the credential 108 using at least Bluetooth (eg, BLE) and NFC protocols. At operation 800 , the method determines whether the credential 108 is within the contact range of the at least one leader 112 and at operation 804 , the credential 108 has contact with the at least one leader 112 . Establishes a link between the at least one reader 112 and the credential 108 when entering the holding range. Similar to the method of FIG. 7 , unless described in detail again, at operation 808 , the method of FIG. 8 may also include operations of mutual authentication and/or credential verification. As part of operation 808 , the at least one reader 112 may provide, generate and provide an access token, such as an OTP associated with the session, to the credential 108 . Operations 804 and 808 may be completed using a communication network established between the credential 108 and the at least one reader 112 using a Bluetooth (eg, BLE) protocol.

Thereafter, at operation 812 , the method includes the user 102 of the credential 108 “tapping” the credential within proximity (eg, within NFC coverage range) with the at least one reader 112 or otherwise fetching and establishing a link between the at least one reader 112 and the credential 108 using the NFC protocol. In operation 816 , upon communication with the at least one reader 112 using the NFC protocol, the credentials 108 are transferred to the at least one reader 112 in an access token (eg, at least one reader 112 ). by using the Bluetooth protocol to provide the previously provided OTP to the credentials 108 . In operation 820 , the at least one reader 112 transmits the access token received from the credential 108 using the NFC protocol to the access token of the at least one reader 112 previously transmitted to the credential 108 . compare with If the access tokens match, then at operation 824 the at least one reader 112 may grant the user access. If the access tokens do not match, then at operation 828 the at least one reader 112 may deny access to the user.

In some demonstrative embodiments, as an alternative to (or in addition to) using an NFC capable reader to take advantage of the use of the NFC protocol, NFC tag 132 (see FIG. 1B ) may be used. NFC tag 132 may be located or placed within the crystal and/or access range. NFC tag 132 may, but need not, be communicatively coupled with one or more reading devices 112 and/or communication network 128 .

9 illustrates a method using an NFC tag 132 in accordance with at least one example embodiment. In the method, the at least one reader 112 may communicate with the credentials 108 using at least Bluetooth (eg, BLE) or a similar protocol. At operation 900 , the method determines whether the credential 108 is within the contact range of the at least one leader 112 and at operation 904 the credential 108 is contacted by the at least one leader 112 . Establishes a link between the at least one reader 112 and the credential 108 when entering the holding range. Similar to the method of FIG. 7 , although not described in detail again, at operation 908 , the method of FIG. 9 may also include operations of mutual authentication and/or credential verification. As part of operation 908 , the at least one reader 112 may provide, generate, and provide an access token to the credential 108 . In this example embodiment, the access token may be a fixed lock identifier (ID) programmed into or stored on the NFC tag 132 . Operations 904 and 908 may be completed using a communication network established between the credential 108 and the at least one reader 112 using Bluetooth (eg, BLE) or a similar protocol. A communication network established between the credentials 108 and the at least one reader 112 may be maintained for subsequent operations.

Thereafter, at operation 912 , the method indicates that the user 102 of the credential 108 “taps” the credential within proximity (eg, within NFC coverage range) to the NFC tag 132 or otherwise fetching and establishing a link between the NFC tag 132 and the credential 108 using the NFC protocol. At operation 916 , upon communicating with the NFC tag 132 using the NFC protocol, the credentials 108 can read or receive an access token (eg, a fixed lock ID) from the NFC tag 132 . . At operation 920 , the credentials 108 use a Bluetooth (eg, BLE) or similar protocol to transfer an access token (eg, a fixed lock ID) received from the NFC tag 132 using the NFC protocol. and compares the access token (eg, fixed lock ID) of the at least one reader 112 previously sent to the credential 108 . If the access tokens match, then at operation 924 the credential 108 communicates or transmits an “unlock” command to the at least one reader 112 using Bluetooth (eg, BLE) or similar protocol. do. If the access tokens do not match, then at operation 928 , the credential 108 does not send an “unlock” command to the at least one reader 112 , but another command indicating that the access tokens do not match. It may, but need not, transmit to at least one reader 112 .

10 illustrates another method using an NFC tag 132 in accordance with at least one example embodiment. In the method, the at least one reader 112 may communicate with the credentials 108 using at least Bluetooth (eg, BLE) or a similar protocol. At operation 1000 , the method determines whether the credential 108 is within the contact range of the at least one leader 112 and at operation 1004 the credential 108 is within contact with the at least one leader 112 . Establishes a link between the at least one reader 112 and the credential 108 when entering the holding range. Similar to the method of FIG. 7 , although not described in detail again, at operation 1008 , the method of FIG. 10 may also include operations of mutual authentication and/or credential verification. As part of operation 1008 , the at least one reader 112 may provide or generate and provide an access token to the credential 108 . In this example embodiment, the access token may be a dynamic token, such as an OTP associated with the session. At operation 1010 , the method may also program or store a dynamic token (eg, OTP) with the NFC tag 132 . Alternatively, NFC tag 132 may be programmed with or use an algorithm to determine a corresponding token or OTP. Operations 1004 and 1008 may be completed using a communication network established between the credential 108 and the at least one reader 112 using Bluetooth (eg, BLE) or a similar protocol. A communication network established between the credentials 108 and the at least one reader 112 may be maintained for subsequent operations.

Thereafter, at operation 1012 , the method determines that the user 102 of the credential 108 “taps” the credential within proximity (eg, within NFC coverage range) to the NFC tag 132 or otherwise fetching and establishing a link between the NFC tag 132 and the credential 108 using the NFC protocol. In operation 1016 , upon communicating with the NFC tag 132 using the NFC protocol, the credentials 108 may read or receive an access token (eg, OTP) from the NFC tag 132 . At operation 1020 , the credential 108 uses a Bluetooth (eg, BLE) or similar protocol to create an access token (eg, OTP) received from the NFC tag 132 using the NFC protocol. Compare to the access token (eg, OTP) of the at least one reader 112 previously sent to the credential 108 . If the access tokens match, then at operation 1024 the credential 108 communicates or sends an “unlock” command to the at least one reader 112 using Bluetooth (eg, BLE) or similar protocol. do. Alternatively, the credential 108 may write an “unlock” command to the NFC tag 132 that may be communicated to the at least one reader 112 or an access control system to allow user access. If the access tokens do not match, then at operation 1028 , the credential 108 does not send an “unlock” command to the at least one reader 112 or writes an “unlock” command to the NFC tag 132 . Rather, it may, but need not, send another command to the at least one reader 112 indicating that the access tokens do not match.

Although example embodiments have been described for operations involving a credential/mobile device 108 , the same operations may be performed on one or more of the wearable devices 104 or any other device having credential data and wireless communication capabilities It should be understood that this can be done for

In view of the foregoing description, it should be understood that exemplary embodiments provide systems, methods, and devices for improving throughput in high traffic access control scenarios while maintaining a high level of security. Example embodiments may also realize improvements in load balancing of the system in that tracking of credentials may be spread evenly among multiple readers.

In one or more embodiments, the method may be implemented using a processor executing machine readable instructions, which may be provided on a machine readable medium. Machine-readable media may include non-transitory storage media, such as RAM, ROM, buffer memory, flash memory, solid state memory, or variations thereof, or a signal transmitted over a transitory or transmission medium, such as a network.

It should be understood that throughout the foregoing description, references to various elements as “first,” “second,” etc. are not limiting. That is, the terms “first”, “second”, etc. are used for convenience of description and may be interchangeable in some cases. For example, an element described as "a first" may later be referred to as a "second" or vice versa without limiting the exemplary embodiments.

Specific details have been given in the description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.

While exemplary embodiments of the disclosure have been described in detail herein, it is to be understood that the inventive concepts may be variously embodied and utilized in other ways, and that the appended claims shall be construed to include such modifications, except as limited by the prior art. It should be understood that this is intended.

Claims (29)

An access control system comprising:
credential including credential data; and
at least one leader
Including, the at least one leader,
receive the credential data via a link;
verify that the credential is valid based on all or portions of the credential data;
mark the credential as valid and track the location of the credential with respect to the at least one reader;
and make or delay an access control decision for the credential based on the location of the credential. The method of claim 1 , wherein the at least one reader is configured to delay making an access control decision for the credential when the location indicates that the credential is not within a first distance of the at least one reader. and the at least one reader is configured to make an access control decision for the credential when the location indicates that the credential is within the first distance. The access control system according to claim 1 or 2, wherein the at least one reader and the credential perform mutual authentication before the at least one reader receives the credential data. 3. The method of claim 2, wherein the at least one leader or the credential establishes the link when the credential enters an engagement range of the at least one leader, the contact retention range being the first and corresponding to a second distance from the at least one reader that is greater than one distance. 5. The system of claim 4, wherein the contact range is based on transmit/receive ranges of the at least one reader and the credential, and an operating frequency of a protocol used to establish the link. 5. The system of claim 4, wherein the at least one reader is configured to determine the contact range based on an environment surrounding the at least one reader. 7. The method according to any one of claims 4 to 6,
at least one access mechanism that denies or permits access to a zone associated with the at least one leader based on an access control decision by the at least one leader, wherein the at least one leader determines that the credential is and trigger the at least one access mechanism when within a third distance of the at least one reader or the at least one access mechanism, the third distance being less than the first distance. 8. The method of claim 7, wherein the at least one leader stops tracking the credential and upon entry of the credential into the zone via the at least one access mechanism or upon exit of the credential from the contact range. terminating the link. 9. The system of any preceding claim, wherein the at least one reader is configured to track the location of the credential based on a received signal strength from the credential. 10. The system of any one of claims 1 to 9, wherein the at least one reader is configured to estimate the angle of arrival of the credential. 11. The method of any preceding claim, wherein the at least one reader is configured to track the location of the credential based on a time of flight property of a received signal from the credential. being an access control system. 12. The access control of any preceding claim, wherein the at least one reader is configured to track the location of the credential by periodically pinging the credential to keep the link open. system. 13. The method of any one of claims 1 to 12, wherein the at least one reader is configured to track the location of the credential by receiving a broadcast signal from the credential, the broadcast signal comprising the at least one reader. and a token belonging to the credential to identify a credential for a leader. 14. The method according to any one of claims 1 to 13, wherein the at least one leader is selected when the number of credentials tracked by the at least one leader exceeds a threshold and other unauthenticated credentials are greater than the tracked credentials. and stop tracking the credential when it is closer to the at least one reader. 15. The method of any one of claims 1 to 14, wherein the at least one reader is a plurality of readers communicating with each other through a communication network, and a first reader among the plurality of readers marking the credentials is the plurality of readers. informing at least a remainder of the plurality of readers that the credential is marked and tracked to allow at least the remainder of the credential to be tracked. 16. The method according to any one of claims 1 to 15, wherein the at least one reader is a plurality of readers communicating with each other through a communication network, and a first leader among the plurality of readers has marked the credential, and the plurality of readers wherein a first leader or at least the remainder of the leaders of the plurality of readers monitors communication between the first leader and the credential to allow a first leader or at least the remainder of the plurality of readers to make an access control decision on the credential. , access control systems. An access control method comprising:
establishing a wireless link with a credential, the credential comprising credential data;
receiving the credential data over the wireless link;
verifying that the credential is valid based on the credential data;
marking the credential as valid and tracking the location of the credential with respect to the at least one reader; and
making or delaying an access control decision for the credential based on the location of the credential.
Including, an access control method. 18. The method of claim 17, wherein marking the credential comprises a medium access control (MAC) address of the credential, a TCP/IP protocol IP address of the credential, or establishing between the credential and the at least one reader. An access control method comprising the step of marking at least one of the session identifiers of the session being 19. The method of claim 17 or 18, wherein marking the credential comprises providing the credential with an access token that can be read by the at least one reader. 20. The method of any one of claims 17-19, wherein marking the credential comprises providing the credential with a temporary key that can be used by the at least one leader in a key proof of a proprietary protocol. which is an access control method. 21. The access control of any of claims 17-20, wherein the step of making or delaying the access control decision comprises the access control when the location indicates that the credential is not within a first distance of the at least one reader. deferring determination, and making an access control decision for the credential when the location indicates that the credential is within the first distance. 22. The method of claim 21, wherein said establishing comprises establishing said wireless link when said credential enters a contact-holding range of said at least one reader, said contact-holding range being greater than said first distance. corresponding to a large second distance from at least one reader, wherein the contact-hold range is based on transmit/receive ranges of the at least one reader and the credential. 23. The method of claim 22,
and determining the contact range based on an environment surrounding the at least one reader and the credential. 24. The method according to any one of claims 17 to 23,
and stopping tracking of the credential and terminating the link upon entry of the credential through an access mechanism under the control of the at least one leader. As a leader,
a first communication interface for wireless communication;
processor; and
memory containing instructions
wherein the instructions, when executed by the processor, cause the processor to:
when the credential is within a first distance of the reader, use the first communication interface to establish a link with the credential, the credential comprising credential data;
receive, via the link, the credential data;
verify that the credential is valid based on the credential data;
mark the credential as valid and track the location of the credential with respect to the reader;
cause or delay an access control decision for the credential based on whether the location of the credential indicates that the credential is within a second distance of the reader, wherein the second distance is less than the first distance , leader. 26. The method of claim 25,
further comprising a second communication interface for communicating with a plurality of other leaders, wherein the instructions enable the plurality of other leaders to make the access control decision or take over the link from the first communication interface to the credential. instructions for causing the processor to share information in the credential with the plurality of other readers to As a method,
when the credential is within a first distance of a reader, using the first communication interface, establishing a link with the credential, the credential comprising credential data;
receiving the credential data via a link;
verifying that the credential is valid based on the credential data;
marking the credential as valid and tracking the location of the credential with respect to the reader; and
making or delaying an access control decision for the credential based on whether the location of the credential indicates that the credential is within a second distance of the reader, the second distance being less than the first distance
A method comprising 28. The method of claim 27, wherein information in the credential is shared with the plurality of other leaders to enable a plurality of other leaders to make the access control decision or take over the link from the first communication interface to the credential. The method further comprising the step of: 29. A machine readable medium carrying machine readable instructions, which, when executed by a processor of a machine, cause the machine to perform the method of claim 27 or claim 28.

Images